Organizations that span several divisions (or ‘domains’) and sub-divisions typically have geographically and functionally separated resources, access to which is required for the functioning of the organization. The robustness and security required of such access depend on the organization and its activities, and may be of a very high level in some cases.
Existing role-based access solutions typically employ a set of standard techniques. Permissions are mapped statically between a resource and a requester of that resource, access rights are established on a local basis, and access permissions are decided on the basis of a Direct Domain-Resource Mapping alone. Also, the relative locations of a resource access requester and the resources requested are generally disregarded.
However, these approaches have limited scalability across domains and across roles within domains. Furthermore, Direct Domain-Resource Mapping is unsuitable when a single active entity (generally a user) requires access across domains or outside the designated domains.